Behind Knox’s email server privacy policy

Ross Davis’ cubicle at IT Help Desk. (Dan Perez/TKS)

Three years ago, the Ultimate Frisbee team sent out emails inviting members to weekend parties. At some point, the members started replacing the word “keg” with “cake”. Afterwards, rumor sparked amongst the team that the words had been replaced due to administrators reading emails that contained words or phrases that violated school policy.

Senior frisbee captain Lillie Sronkoski confirmed that the word “cake” became a recurring joke amongst the frisbee team after there was an actual cake at one of the frisbee parties. Sronkoski also believed that the administration had read one of their emails.

“One time we got an email from the administration saying you can’t send out emails with alcohol [references] in it,” said Sronkoski. “I didn’t personally get the email, but the spirit captain at the time did.”

There were some students who had doubts about the alleged email reading, however.

“I feel like maybe the college has [more] things to worry about, other than us having fun for a few nights,” freshman frisbee player David Zavala said.

Emails in the Knox systems are kept virtually forever and files in Google Docs are backed up for anywhere between 9 and 14 months, leaving time for information to be accessed by the school.

“Any information stored on Knox College’s systems belongs to Knox College. It does not, however, give us the right to not provide you your reasonable expectation of privacy,” Vice President for Information Technology Services and Chief Information Officer Steven Hall said.

The “Knox College Policy on Acceptable Use of Information Technology Services,” an agreement that all users of Knox College email services accept when they first receive their emails, states the situations in which the IT department is allowed to look through certain emails. The agreement also tells users who is allowed to authorize that access.

As stated in Section VI of the policy document, the few people allowed to call for investigative actionÑ when IT staff look through emails without consent of the usersÑ are as follows: the President, the Vice President of Academic Affairs, the VP for Administrative Services, the VP for Student Affairs and/or their respected appointees.

Reports to take investigative action are provoked by several cases: allegations of school policies being violated by students or staff, public safety concerns, health concerns or when required by law at any level of government (i.e. evidence required for court cases).

“We try to mimic what happens in the United States: you’re protected from illegal search and seizure and we’re not accessing that information to look for a crime or evidence of a policy violation,” Hall said. “But once something has been alleged, if it rises to the level that we need to investigate, those officials’ judgement will authorize us to do so.”

However, authorization by these individuals in the stated cases are not always the cause of email overseeing. According to the email policy document, non-investigative access occurs when IT staff work with computers and networks to prevent and fix security problems. Naturally, the staff may come across stored information on college and personal devices connected to the college network. Non-investigative access also includes carrying out business functions of the college or maintaining the privacy of confidential information (i.e. Title IX cases).

The policy document states that “Unless there are suspected violations of the law of College policy [during these non-investigative processes], the staff will respect the privacy of the individual.”

The parties stopped by Campus Safety that caused this rumor could have been discovered by email, either by chance during IT staff work or during approved investigations following the email policy terms. In addition, there are other ways that the administration can learn about student activity to investigate other safety or policy infringement issues.

“It’s not just email, they can check and see if someone has been eating. So there’s a lot of different systems out there that have information about student behavior,” Hall said.

In addition, the document states, “The College does not, as a rule, monitor the content of materials transported over the College’s network resources or posted on College-owned computers and networks, but reserves the right to do so.” This debunks any idea that the college has a system that filters out certain words in an email that could hint at violations of college policies unless a proposed and approved investigative action calls for it.

“The Knox email is the school’s property, so they do have a right to [monitor emails], but it’s also the student’s fault to use an educational email as a medium to converse about beer and such,” freshman frisbee player Kelly Feng said.